[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: access control 'set=', no problem any more (ITS#3140)

To: openldap-its@OpenLDAP.org
Subject: Re: access control 'set=', no problem any more (ITS#3140)
From: hager@transgene.fr
Date: Thu, 13 May 2004 07:19:47 GMT

Yes, it's working fine now.

Thanks for fixing it so fast !

Best regards,
Herve

----- Original Message ----- 
From: <ando@sys-net.it>
To: <openldap-its@OpenLDAP.org>
Sent: Wednesday, May 12, 2004 11:32 PM
Subject: Re: access control 'set=' problem (ITS#3140)


> 
> > I think I got it: the function that evaluates if a set matches
> > calls aci_match_set(), which on turn calls backend_attribute()
> > to access the specific attribute that's used by the set in a
> > backend-independent manner.  This function has been recently
> > reworked to only access those attributes that can be actually
> > accessed by the requester, i.e. it assesses access permission
> > as well, causing the andless recursion I mentioned earlier.
> >
> > I think a solution would be to specialize backend_attribute to
> > skip ACL check on certain calls.  I'll have a look at it.
> 
> It should now be fixed in HEAD; please test.  Thanks for reporting
> the problem.
> 
> p.
>

Prev by Date: Re: access control 'set=' problem (ITS#3140)
Next by Date: seg fault when using empty db suffix (ITS#3141)
Index(es):
- Chronological
- Thread